Why not just block them at your interface with an access-list (firewall) filter? On Tue, 14 Apr 1998, Forrest W. Christian wrote: :On Tue, 14 Apr 1998, Hank Nussbacher wrote: : :> All outgoing pkts to 220.88.192.128/27 now should go to Null0. I am sure :> one can improve on the logic even more. : :Exactly. All OUTGOING packets. Not Incoming. Not the smurf attack :packets which are swamping your downstream customer, which have a source :address from 220.88.192.128/27. : :I will concede that shutting off connectivity to a site by a large enough :chunk of the net should get someone to fix stuff.... But part of the :advantage of the MAPS RBL BGP feed is that it helps to cut down spam :coming into your network. A BGP feed TODAY won't block a ping :amplification attack aimed at your network or a downstream. All it will :do is prevent your customers from using the ping amplification networks to :launch an attack. And, if you have the appropriate anti-spoofing filters :in place, they shouldn't be able to attack anything other than the valid :source addresses you have in your outbound filter set. : :- Forrest W. Christian (forrestc@imach.com) :---------------------------------------------------------------------- :iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com :Solutions for your high-tech problems. (406)-442-6648 :---------------------------------------------------------------------- : : -- Regards, Jason A. Lixfeld jlixfeld@idirect.ca iDirect Network Operations jlixfeld@torontointernetxchange.net --------------------------------------------------------------------- TUCOWS Interactive Ltd. o/a | "A Different Kind of Internet Company" Internet Direct Canada Inc. | "FREE BANDWIDTH for Toronto Area IAPs" 5415 Dundas Street West | http://www.torontointernetxchange.net Suite 301, Toronto Ontario | (416) 236-5806 (T) M9B-1B5 CANADA | (416) 236-5804 (F) ---------------------------------------------------------------------